@ -1,73 +0,0 @@ | |||
From ce7de0261f0c1f1640da5673dd24939a37e33bd9 Mon Sep 17 00:00:00 2001 | |||
From: Rosen Penev <rosenp@gmail.com> | |||
Date: Thu, 23 Jan 2020 18:53:06 -0800 | |||
Subject: [PATCH 1/2] libcrypto-compat: add extra functions | |||
Changed the define to compare OPENSSL_API_COMPAT instead of version as | |||
OpenSSL can be compiled in different ways. One is to disable all | |||
deprecated APIs. | |||
Added extra functions. The next commit will switch to them. | |||
Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||
--- | |||
src/libcrypto-compat.c | 14 ++++++++++++++ | |||
src/libcrypto-compat.h | 8 +++++++- | |||
2 files changed, 21 insertions(+), 1 deletion(-) | |||
diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c | |||
index 048d1781..3604763f 100644 | |||
--- a/src/libcrypto-compat.c | |||
+++ b/src/libcrypto-compat.c | |||
@@ -280,6 +280,11 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx) | |||
OPENSSL_free(ctx); | |||
} | |||
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) | |||
+{ | |||
+ EVP_CIPHER_CTX_init(ctx); | |||
+} | |||
+ | |||
HMAC_CTX *HMAC_CTX_new(void) | |||
{ | |||
HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); | |||
@@ -394,3 +399,12 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) | |||
} | |||
return 1; | |||
} | |||
+ | |||
+const char *OpenSSL_version(int type) | |||
+{ | |||
+ return SSLeay_version(type); | |||
+} | |||
+unsigned long OpenSSL_version_num(void) | |||
+{ | |||
+ return SSLeay(); | |||
+} | |||
diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h | |||
index bda0473e..44e14801 100644 | |||
--- a/src/libcrypto-compat.h | |||
+++ b/src/libcrypto-compat.h | |||
@@ -34,6 +34,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); | |||
EVP_MD_CTX *EVP_MD_CTX_new(void); | |||
void EVP_MD_CTX_free(EVP_MD_CTX *ctx); | |||
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); | |||
+ | |||
HMAC_CTX *HMAC_CTX_new(void); | |||
int HMAC_CTX_reset(HMAC_CTX *ctx); | |||
void HMAC_CTX_free(HMAC_CTX *ctx); | |||
@@ -44,6 +46,10 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); | |||
void DH_get0_key(const DH *dh, | |||
const BIGNUM **pub_key, const BIGNUM **priv_key); | |||
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); | |||
+ | |||
+const char *OpenSSL_version(int type); | |||
+unsigned long OpenSSL_version_num(void); | |||
+ | |||
#endif /* OPENSSL_VERSION_NUMBER */ | |||
#endif /* LIBCRYPTO_COMPAT_H */ | |||
-- | |||
2.24.1 | |||
@ -1,63 +0,0 @@ | |||
From 73f0e186964126c9e2bfba43488f543ace54746b Mon Sep 17 00:00:00 2001 | |||
From: Rosen Penev <rosenp@gmail.com> | |||
Date: Thu, 23 Jan 2020 18:54:51 -0800 | |||
Subject: [PATCH 2/2] libcrypto: remove deprecated API usage | |||
EVP_CIPHER_CTX_init was replaced with _reset. | |||
Removed EVP_CIPHER_CTX_cleanup. The successive _free call handles that. | |||
Removed old SSLeay function usage. | |||
Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||
--- | |||
src/libcrypto.c | 9 ++++----- | |||
1 file changed, 4 insertions(+), 5 deletions(-) | |||
diff --git a/src/libcrypto.c b/src/libcrypto.c | |||
index b3792264..7ce7d93a 100644 | |||
--- a/src/libcrypto.c | |||
+++ b/src/libcrypto.c | |||
@@ -541,7 +541,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, | |||
int rc; | |||
evp_cipher_init(cipher); | |||
- EVP_CIPHER_CTX_init(cipher->ctx); | |||
+ EVP_CIPHER_CTX_reset(cipher->ctx); | |||
rc = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV); | |||
if (rc != 1){ | |||
@@ -574,7 +574,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher, | |||
int rc; | |||
evp_cipher_init(cipher); | |||
- EVP_CIPHER_CTX_init(cipher->ctx); | |||
+ EVP_CIPHER_CTX_reset(cipher->ctx); | |||
rc = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV); | |||
if (rc != 1){ | |||
@@ -657,7 +657,6 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher, | |||
static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) { | |||
if (cipher->ctx != NULL) { | |||
- EVP_CIPHER_CTX_cleanup(cipher->ctx); | |||
EVP_CIPHER_CTX_free(cipher->ctx); | |||
} | |||
} | |||
@@ -1481,11 +1480,11 @@ int ssh_crypto_init(void) | |||
if (libcrypto_initialized) { | |||
return SSH_OK; | |||
} | |||
- if (SSLeay() != OPENSSL_VERSION_NUMBER){ | |||
+ if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER){ | |||
SSH_LOG(SSH_LOG_WARNING, "libssh compiled with %s " | |||
"headers, currently running with %s.", | |||
OPENSSL_VERSION_TEXT, | |||
- SSLeay_version(SSLeay()) | |||
+ OpenSSL_version(OpenSSL_version_num()) | |||
); | |||
} | |||
#ifdef CAN_DISABLE_AESNI | |||
-- | |||
2.24.1 | |||
@ -1,165 +0,0 @@ | |||
From 1493b4466fa394b321d196ad63dd6a4fa395d337 Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 3 Jun 2020 10:04:09 +0200 | |||
Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new() | |||
Thanks to Ramin Farajpour Cami for spotting this. | |||
Fixes T232 | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
--- | |||
src/sftpserver.c | 6 ++++++ | |||
1 file changed, 6 insertions(+) | |||
diff --git a/src/sftpserver.c b/src/sftpserver.c | |||
index 5a2110e5..b639a2ce 100644 | |||
--- a/src/sftpserver.c | |||
+++ b/src/sftpserver.c | |||
@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { | |||
/* take a copy of the whole packet */ | |||
msg->complete_message = ssh_buffer_new(); | |||
+ if (msg->complete_message == NULL) { | |||
+ ssh_set_error_oom(session); | |||
+ sftp_client_message_free(msg); | |||
+ return NULL; | |||
+ } | |||
+ | |||
ssh_buffer_add_data(msg->complete_message, | |||
ssh_buffer_get(payload), | |||
ssh_buffer_get_len(payload)); | |||
-- | |||
GitLab | |||
From dbfb7f44aa905a7103bdde9a198c1e9b0f480c2e Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 3 Jun 2020 10:05:51 +0200 | |||
Subject: [PATCH 2/4] sftpserver: Add missing return check for | |||
ssh_buffer_add_data() | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
--- | |||
src/sftpserver.c | 11 ++++++++--- | |||
1 file changed, 8 insertions(+), 3 deletions(-) | |||
diff --git a/src/sftpserver.c b/src/sftpserver.c | |||
index b639a2ce..9117f155 100644 | |||
--- a/src/sftpserver.c | |||
+++ b/src/sftpserver.c | |||
@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { | |||
return NULL; | |||
} | |||
- ssh_buffer_add_data(msg->complete_message, | |||
- ssh_buffer_get(payload), | |||
- ssh_buffer_get_len(payload)); | |||
+ rc = ssh_buffer_add_data(msg->complete_message, | |||
+ ssh_buffer_get(payload), | |||
+ ssh_buffer_get_len(payload)); | |||
+ if (rc < 0) { | |||
+ ssh_set_error_oom(session); | |||
+ sftp_client_message_free(msg); | |||
+ return NULL; | |||
+ } | |||
ssh_buffer_get_u32(payload, &msg->id); | |||
-- | |||
GitLab | |||
From 65ae496222018221080dd753a52f6d70bf3ca5f3 Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 3 Jun 2020 10:10:11 +0200 | |||
Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data() | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
--- | |||
src/buffer.c | 35 ++++++++++++++++++----------------- | |||
1 file changed, 18 insertions(+), 17 deletions(-) | |||
diff --git a/src/buffer.c b/src/buffer.c | |||
index a2e6246a..476bc135 100644 | |||
--- a/src/buffer.c | |||
+++ b/src/buffer.c | |||
@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer) | |||
*/ | |||
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) | |||
{ | |||
- buffer_verify(buffer); | |||
+ buffer_verify(buffer); | |||
- if (data == NULL) { | |||
- return -1; | |||
- } | |||
+ if (data == NULL) { | |||
+ return -1; | |||
+ } | |||
- if (buffer->used + len < len) { | |||
- return -1; | |||
- } | |||
+ if (buffer->used + len < len) { | |||
+ return -1; | |||
+ } | |||
- if (buffer->allocated < (buffer->used + len)) { | |||
- if(buffer->pos > 0) | |||
- buffer_shift(buffer); | |||
- if (realloc_buffer(buffer, buffer->used + len) < 0) { | |||
- return -1; | |||
+ if (buffer->allocated < (buffer->used + len)) { | |||
+ if (buffer->pos > 0) { | |||
+ buffer_shift(buffer); | |||
+ } | |||
+ if (realloc_buffer(buffer, buffer->used + len) < 0) { | |||
+ return -1; | |||
+ } | |||
} | |||
- } | |||
- memcpy(buffer->data+buffer->used, data, len); | |||
- buffer->used+=len; | |||
- buffer_verify(buffer); | |||
- return 0; | |||
+ memcpy(buffer->data + buffer->used, data, len); | |||
+ buffer->used += len; | |||
+ buffer_verify(buffer); | |||
+ return 0; | |||
} | |||
/** | |||
-- | |||
GitLab | |||
From df0acab3a077bd8ae015e3e8b4c71ff31b5900fe Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 3 Jun 2020 10:11:21 +0200 | |||
Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
--- | |||
src/buffer.c | 4 ++++ | |||
1 file changed, 4 insertions(+) | |||
diff --git a/src/buffer.c b/src/buffer.c | |||
index 476bc135..ce12f491 100644 | |||
--- a/src/buffer.c | |||
+++ b/src/buffer.c | |||
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer) | |||
*/ | |||
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) | |||
{ | |||
+ if (buffer == NULL) { | |||
+ return -1; | |||
+ } | |||
+ | |||
buffer_verify(buffer); | |||
if (data == NULL) { | |||
-- | |||
GitLab | |||
@ -1,41 +0,0 @@ | |||
From 6417f5a3cac8537ac6f6ff7fc1642dfaa0917fb4 Mon Sep 17 00:00:00 2001 | |||
From: Jakub Jelen <jjelen@redhat.com> | |||
Date: Thu, 16 Apr 2020 11:13:34 +0200 | |||
Subject: [PATCH] channels: Avoid returning SSH_AGAIN from | |||
ssh_channel_poll_timeout() | |||
This addresses a regression introduced in 3bad0607, partially fixed in 022409e9, | |||
but the function was still able to return SSH_AGAIN, which was not expected by | |||
callers. | |||
Based on discussion in [1] and [2] | |||
[1] https://gitlab.com/libssh/libssh-mirror/-/merge_requests/101 | |||
[2] https://www.libssh.org/archive/libssh/2020-03/0000029.html | |||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> | |||
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | |||
--- | |||
src/channels.c | 6 ++++++ | |||
1 file changed, 6 insertions(+) | |||
diff --git a/src/channels.c b/src/channels.c | |||
index bcc1c207..9fe309d0 100644 | |||
--- a/src/channels.c | |||
+++ b/src/channels.c | |||
@@ -3116,6 +3116,12 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr) | |||
session->session_state == SSH_SESSION_STATE_ERROR) { | |||
rc = SSH_ERROR; | |||
goto out; | |||
+ } else if (rc == SSH_AGAIN) { | |||
+ /* If the above timeout expired, it is ok and we do not need to | |||
+ * attempt to check the read buffer. The calling functions do not | |||
+ * expect us to return SSH_AGAIN either here. */ | |||
+ rc = SSH_OK; | |||
+ goto out; | |||
} | |||
len = ssh_buffer_get_len(stdbuf); | |||
if (len > 0) { | |||
-- | |||
2.26.2 | |||